----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/760/ -----------------------------------------------------------
(Updated 2011-05-21 10:03:03.945137) Review request for shindig. Changes ------- Change the fix to sets auth header back for any handler that return null security token and also when throwing InvalidAuthentictionException. This is to make sre if any auth handler could sets auth header, then it has change to do it just in case the next one return null auth header for null security token. Summary (updated) ------- Update the AuthenticationServletFilter: 1. Make the auth realm configurable via property or override able protected method. 2. Sets the auth header from the right handler. Currently the code just sets the response's WWW-Authenticate header whenever an auth handler return null st. So if the next handler return a security token, the response contains WWW-Authenticate header from previous handler. This CR change the logic to also add WWW-Authenticate header if token is not set or InvalidAuthenticationException is thrown. Diffs (updated) ----- trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationServletFilter.java 1125364 trunk/java/common/src/test/java/org/apache/shindig/auth/AuthenticationServletFilterTest.java 1125364 Diff: https://reviews.apache.org/r/760/diff Testing ------- Update unit test for null st. Thanks, Henry
